-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 11 Apr 2017 09:25:59 +0200
Source: dovecot
Binary: dovecot-core dovecot-dev dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-managesieved dovecot-pgsql dovecot-mysql dovecot-sqlite dovecot-ldap dovecot-gssapi dovecot-sieve dovecot-solr dovecot-lucene dovecot-dbg
Architecture: source
Version: 1:2.2.13-12~deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Dovecot Maintainers <jaldhar-dovecot@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 dovecot-core - secure POP3/IMAP server - core files
 dovecot-dbg - secure POP3/IMAP server - debug symbols
 dovecot-dev - secure POP3/IMAP server - header files
 dovecot-gssapi - secure POP3/IMAP server - GSSAPI support
 dovecot-imapd - secure POP3/IMAP server - IMAP daemon
 dovecot-ldap - secure POP3/IMAP server - LDAP support
 dovecot-lmtpd - secure POP3/IMAP server - LMTP server
 dovecot-lucene - secure POP3/IMAP server - Lucene support
 dovecot-managesieved - secure POP3/IMAP server - ManageSieve server
 dovecot-mysql - secure POP3/IMAP server - MySQL support
 dovecot-pgsql - secure POP3/IMAP server - PostgreSQL support
 dovecot-pop3d - secure POP3/IMAP server - POP3 daemon
 dovecot-sieve - secure POP3/IMAP server - Sieve filters support
 dovecot-solr - secure POP3/IMAP server - Solr support
 dovecot-sqlite - secure POP3/IMAP server - SQLite support
Changes:
 dovecot (1:2.2.13-12~deb8u3) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Revert "auth: Do not double-expand key in passdb dict when
     authenticating (CVE-2017-2669)"
     This reverts the applied patch which resulted in no longer interpreting
     placeholders in the keys even once with dict-based userdb or passdb.
     The actual vulnerability was introduced later with "auth-db-dict: Allow
     key name expansion" in 2.2.26.
     Thanks to Nick Thomas <me@ur.gs> and Aki Tuomi <aki.tuomi@dovecot.fi>
Checksums-Sha1:
 45108e602e9713602357dfba443c211fa55e0386 3430 dovecot_2.2.13-12~deb8u3.dsc
 c473447a3eb4b9d49596be6a4aa79fd4d142893b 735944 dovecot_2.2.13-12~deb8u3.debian.tar.xz
Checksums-Sha256:
 f2e11d0735258596e3adee992eaf98709a3f95b135f0513ae6d8bab9e55e97c6 3430 dovecot_2.2.13-12~deb8u3.dsc
 180a9a609771e91132e319c17bab612983104158ba5d378e418b1f21634331e9 735944 dovecot_2.2.13-12~deb8u3.debian.tar.xz
Files:
 56dd04921e48c53685a967bfdbe9676e 3430 mail optional dovecot_2.2.13-12~deb8u3.dsc
 957fcd3bf56cd414d3484a4f70889013 735944 mail optional dovecot_2.2.13-12~deb8u3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----